Debian OpenVZ with a Centos7 container venet0 ip address survive boot

charly78 · 06-02-2016, 05:28 PM

I run a Debian setup using a Openvz kernel and run a bunch of Debian containers no problem. I made a Centos 7 container and am unable to get it to properly set the v4 ip address.

After a reboot I have to manual set the ip and systemctl restart network

Here is my conf for my container cat /etc/vz/conf/10.conf

Code:

NETFILTER="stateless"
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
VE_LAYOUT="simfs"
OSTEMPLATE="centos-7"
ORIGIN_SAMPLE="vswap-256m"
ONBOOT="yes"
HOSTNAME="host1.domain.com"
IP_ADDRESS="192.168.1.31"

Every reboot I need to go into, vzctl enter 10 to just edit the /etc/sysconfig/network-scripts/ifcfg-venet0

It seems to add the proper ipaddress to this but this does not seem to let my server function(unable to ping out or outside in.. ) cat /etc/sysconfig/network-scripts/ifcfg-venet0:0

Code:

DEVICE=venet0:0
IPADDR=192.168.1.31
NETMASK=255.255.255.255

So I edit nano /etc/sysconfig/network-scripts/ifcfg-venet0

Code:

DEVICE=venet0
ONBOOT=yes
BOOTPROTO=static
#IPADDR=127.0.0.1
IPADDR=192.168.1.31
NETMASK=255.255.255.0
#NETWORK=192.0.2.0
NETWORK=192.168.1.0
BROADCAST=0.0.0.0

then I issue the command systemctl restart network , Seems to get things running how do I get it so that it can survive a reboot so I do not have to constantly edit these files.

wpeckham · 06-04-2016, 05:44 AM

Do you have the latest updates and packages from the OpenVZ repos? I noticed such issues until I rebuilt my host server with the latest, and found it had added another set of control scripts for version 7 that had not been present earlier.

Also, if you HAVE those scripts and the entry for your base in the <CTID>.conf file is incorrect, it will use the wrong scripts. The commands to control services and set up networking changed markedly between versions 6 and 7 of RHEL and CentOS. Check that your OSTEMPLATE= says something with centos-7 in the string: this is how OpenVZ knows which control scripts to apply.

charly78 · 06-04-2016, 01:08 PM

I used a converted redhat kernel. Do you think I should update my kernel? how do I ensure my scripts are uptodate?

Code:

# uname -r
2.6.32-openvz-042stab113.11-amd64

Here is the configuration that my container is using

Code:

/etc/vz/dists# cat centos-7.conf
#  Copyright (C) 2000-2008, Parallels, Inc. All rights reserved.
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# This configuration file is meant to be used with
# the Redhat-7.x distribution kit.
#

ADD_IP=redhat-7.x_add_ip.sh
DEL_IP=redhat-del_ip.sh
SET_HOSTNAME=redhat-set_hostname.sh
SET_DNS=set_dns.sh
SET_USERPASS=set_userpass.sh
SET_UGID_QUOTA=set_ugid_quota.sh
POST_CREATE=postcreate.sh
SET_CONSOLE=set_console.sh

and here is the
redhat-7.x_add_ip.sh

Code:

/etc/vz/dists/scripts# cat redhat-7.x_add_ip.sh
#!/bin/bash
#  Copyright (C) 2000-2009, Parallels, Inc. All rights reserved.
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#
# Adds IP address(es) in a container running Red Hat 7 distro.

VENET_DEV=venet0
VENET_DEV_CFG=ifcfg-$VENET_DEV
IFCFG_DIR=/etc/sysconfig/network-scripts
IFCFG=${IFCFG_DIR}/ifcfg-${VENET_DEV}
NETFILE=/etc/sysconfig/network
HOSTFILE=/etc/hosts

function fix_ifup()
{
        file="/sbin/ifup"

        [ -f "${file}" ] || return 0
        [ "x${VE_STATE}" != "xstarting" ] && return 0

        if grep -q 'if \[ "\${DEVICE}" = "lo" \]; then' ${file} 2>/dev/null
        then
                cp -fp ${file} ${file}.$$ || return 1
                /bin/sed -e 's/if \[ "\${DEVICE}" = "lo" \]; then/if \[ "${IPADDR}" = "127.0.0.1" \]; then/g' < ${file} > ${file}.$$ &&
                        mv -f ${file}.$$ ${file}
                rm -f ${file}.$$ 2>/dev/null
        fi
}

function setup_network()
{
        local routefile=/etc/sysconfig/network-scripts/route-${VENET_DEV}

        # Set up venet0 main interface as 127.0.0.1
        mkdir -p ${IFCFG_DIR}
        echo "DEVICE=${VENET_DEV}
ONBOOT=yes
BOOTPROTO=static
IPADDR=127.0.0.1
NETMASK=255.255.255.0
NETWORK=${FAKEGATEWAYNET}
BROADCAST=0.0.0.0" > $IFCFG || error "Can't write to file $IFCFG" $VZ_FS_NO_DISK_SPACE

        # Set /etc/sysconfig/network
        put_param $NETFILE NETWORKING yes
        put_param $NETFILE GATEWAY ${FAKEGATEWAY}

        # Set up /etc/hosts
        if [ ! -f ${HOSTFILE} ]; then
                echo "127.0.0.1 localhost.localdomain localhost" > $HOSTFILE
        fi
        fix_ifup
}

function create_config()
{
        local ip=$1
        local netmask=$2
        local ifnum=$3
        local file=${IFCFG_DIR}/bak/${VENET_DEV_CFG}:${ifnum}

        echo "DEVICE=${VENET_DEV}:${ifnum}
IPADDR=${ip}
NETMASK=${netmask}" > $file ||
        error "Can't write to file $file" ${VZ_FS_NO_DISK_SPACE}
}

function get_all_aliasid()
{
        IFNUM=-1

        cd ${IFCFG_DIR} || return 1
        IFNUMLIST=`ls -1 bak/${VENET_DEV_CFG}:* 2>/dev/null |
                sed "s/.*${VENET_DEV_CFG}://"`
}

function get_aliasid_by_ip()
{
        local ip=$1
        local idlist

        cd ${IFCFG_DIR} || return 1
        IFNUM=`grep -l "IPADDR=${ip}$" ${VENET_DEV_CFG}:* | head -n 1 |
                sed -e 's/.*:\([0-9]*\)$/\1/'`
}

function get_free_aliasid()
{
        local found=

        [ -z "${IFNUMLIST}" ] && get_all_aliasid
        while test -z ${found}; do
                let IFNUM=IFNUM+1
                echo "${IFNUMLIST}" | grep -q -E "^${IFNUM}$" 2>/dev/null ||
                        found=1
        done
}

function backup_configs()
{
        local delall=$1

        rm -rf ${IFCFG_DIR}/bak/ >/dev/null 2>&1
        mkdir -p ${IFCFG_DIR}/bak
        [ -n "${delall}" ] && return 0

        cd ${IFCFG_DIR} || return 1
        if ls ${VENET_DEV_CFG}:* > /dev/null 2>&1; then
                cp -rf ${VENET_DEV_CFG}:* ${IFCFG_DIR}/bak/ ||
                        error "Unable to backup interface config files" ${VZ_FS_NO_DISK_SPACE}
        fi
}

function move_configs()
{
        cd ${IFCFG_DIR} || return 1
        rm -rf ${VENET_DEV_CFG}:*
        mv -f bak/* ${IFCFG_DIR}/ >/dev/null 2>&1
        rm -rf ${IFCFG_DIR}/bak
}

function add_ip()
{
        local ipm
        local new_ips
        local if_restart=

        # In case we are starting CT
        if [ "x${VE_STATE}" = "xstarting" ]; then
                # Remove all VENET config files
                rm -f ${IFCFG} ${IFCFG}:* >/dev/null 2>&1
                [ -z "${IP_ADDR}" ] && return 0
        fi
        if [ ! -f "${IFCFG}" ]; then
                setup_network
                if_restart=1
        fi
        backup_configs ${IPDELALL}
        new_ips="${IP_ADDR}"
        if [ "x${IPDELALL}" = "xyes" ]; then
                new_ips=
                for ipm in ${IP_ADDR}; do
                        ip_conv $ipm
                        get_aliasid_by_ip "${_IP}"
                        if [ -n "${IFNUM}" ]; then
                                # ip already exists just create it in bak
                                create_config "${_IP}" "${_NETMASK}" "${IFNUM}"
                        else
                                new_ips="${new_ips} ${ipm}"
                        fi
                done
        fi
        for ipm in ${new_ips}; do
                ip_conv $ipm
                get_free_aliasid
                create_config "${_IP}" "${_NETMASK}" "${IFNUM}"
        done
        move_configs
        if [ "x${VE_STATE}" = "xrunning" ]; then
                if [ -n "${if_restart}" ]; then
                        ifup ${VENET_DEV}
                elif ! ifconfig ${VENET_DEV} | grep -q RUNNING 2>/dev/null; then
                        ifup ${VENET_DEV}
                else
                        # synchronyze config files & interfaces
                        cd /etc/sysconfig/network-scripts && ./ifup-aliases ${VENET_DEV}
                fi
        fi
}

add_ip
exit 0
# end of script

charly78 · 06-04-2016, 01:11 PM

now I am using debian and might of used originaly the debian repos but not sure what I have or what package contains the scripts..

what do I look for?

Code:

dpkg -l |grep openvz
ii  linux-headers-2.6.32-openvz-042stab113.11-amd64   1                                 amd64        Header files related to Linux kernel, specifically,
ii  linux-image-2.6.32-openvz-042stab113.11-amd64     1                                 amd64        Linux kernel binary image for version 2.6.32-openvz-042stab113.11-amd64
ii  linux-source-2.6.32-openvz-042stab113.11-amd64    1                                 all          Linux kernel source for version 2.6.32-openvz-042stab113.11-amd64

wpeckham · 06-04-2016, 09:17 PM

If I remember correctly, they are part of the vzctl package or supporting lib package.

Were I you, I would load an appropriate vzkernel from the repo instead of patching the sources and compiling that. I have done it both ways, and decided to go with OpenVZ standard builds rather than my own: the ways your build can go silently wrong are many.

I do not have an OpenVZ host before me (weekend, long story) but none of that quoted above throws alarms. On the other hand that conf file does not really look quite right, but I cannot exactly identify a flaw without good files to compare. I would like to see the REAL conf file used by the container (for CTID=101 it would be 101.conf in /etc/vz/conf) and compare it to one of mine.

I use OpenVZ a LOT, but would not call myself a virizzio expert. Most of mine have been on CentOS hosts with CentOS guests. I have done Debian hosts with mixed guests (Before RHEL7 was released), but we had to pick a standard and RHEL/CentOS was the choice. You may benefit by searching the OpenVZ WIKI and forums, or presenting the question there. They have many REAL experts, and are generally eager to help.

charly78 · 06-04-2016, 11:37 PM

Most of my builds are using the latest at the time of build (unless there is a problem then I get a newer version) kernel that is released for openvz (can not wait til the v3 builds) Most of everything I build is debian with debian containers. I get stuck every so often and licencing requires no matter how much I complain to have a systemd redhat type distro so i have made a container with centos7 it works good does the job but the ip being configured at startup is not putting in the proper spot..

so if there is a power outtage or some reason to reboot the system I have to manualy go in and edit the ip in the container.

Code:

/etc/vz/dists/scripts# dpkg -l |grep "vzctl"
ii  vzctl                                             4.9.4-2                           amd64        server virtualization solution - control tools

i am running the latest from my debian distro..
i guess I need to get the latest from openvz can someone maybe post there version number and or redhat-7.x_add_ip.sh file?

Code:

/etc/vz/dists/scripts# apt-get install vzctl
Reading package lists... Done
Building dependency tree       
Reading state information... Done
vzctl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

wpeckham · 06-05-2016, 06:20 AM

What versions of the OpenVZ packages do you have?
There was a bug in vzctl 4.8 that was fixed in 4.9 that can cause these symptoms at times, described here: https://forum.openvz.org/index.php?t...bea2adbf2b139b

You may also want to examine this solution https://www.centos.org/forums/viewtopic.php?t=53029
as I cannot tell if it applies, but did resolve the issue for another case.

Grepitout has a different fix that attacks the problem at the source: the difference between systemd and initd systems: http://grepitout.com/openvz-centos-7-network-bug/

I prefer having the latests and well fixed packages, but this last solution has an elegance also.

In any case, make sure you back up your container first. If a solution fails, you will want to back it out totally before trying something different, to ensure that you have not broken things in a worse way.

I do prefer to run Debian for servers. I run and we standardized on CentOS for good reason. The OpenVZ developers develop for RHEL (and CentOS is binary compatible) first. Every other platform is an afterthought, so CentOS (and RHEL) gets the best fixes earlier. Just a thought.